#!/bin/bash 
set -e


TMP=${TMP:-/tmp/work}
LOG=${LOG:-$HOME/logs/stage4}
SRC=${SRC:-/sources}

name=openssh
version=8.4p1

rm -rf $TMP
mkdir -p $TMP $LOG

tar xf $SRC/$name-$version.tar.gz -C $TMP

{ time \
   {

    cd $TMP/$name-$version
    
install  -v -m700 -d /var/lib/sshd
chown    -v root:sys /var/lib/sshd

groupadd -g 50 sshd
useradd  -c 'sshd PrivSep' \
         -d /var/lib/sshd  \
         -g sshd           \
         -s /bin/false     \
         -u 50 sshd

	sed -e '/INSTALLKEYS_SH/s/)//' -e '260a\  )' -i contrib/ssh-copy-id

	./configure --prefix=/usr                     \
	            --sysconfdir=/etc/ssh             \
	            --with-md5-passwords              \
	            --with-privsep-path=/var/lib/sshd \
	            --with-xauth=/usr/bin/xauth       \
	            --with-pam
	make

	make install
	install -v -m755    contrib/ssh-copy-id /usr/bin

	install -v -m644    contrib/ssh-copy-id.1 \
	                    /usr/share/man/man1
	install -v -m755 -d /usr/share/doc/$name-$version
	install -v -m644    INSTALL LICENCE OVERVIEW README* \
	                    /usr/share/doc/$name-$version

	echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
	echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config

	sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd
	chmod 644 /etc/pam.d/sshd
	echo "UsePAM yes" >> /etc/ssh/sshd_config


	tar xf $SRC/blfs-systemd-units-20210122.tar.xz
	cd blfs-systemd-units-20210122
	make install-sshd

	systemctl enable sshd
	
    }
} 2>&1 | tee $name.log
    
[ $PIPESTATUS = 0 ] && mv $name.log $LOG || exit $PIPESTATUS

rm -fr $TMP
